MGASA-2022-0031 - Updated expat packages fix security vulnerability

Publication date: 25 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0031.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-45960,
     CVE-2021-46143,
     CVE-2022-22822,
     CVE-2022-22823,
     CVE-2022-22824,
     CVE-2022-22825,
     CVE-2022-22826,
     CVE-2022-22827

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places
in the storeAtts function in xmlparse.c can lead to realloc misbehavior
(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer
overflow exists for m_groupSize. (CVE-2021-46143)

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22822)

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22823)

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22824)

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer
overflow. (CVE-2022-22825)

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22826)

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22827)
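
The size-computation bug class behind CVE-2021-45960 and the integer overflow entries above, shown beside a checked form. This is an added illustration, not libexpat's code or its patch: entry_t and all function names are hypothetical, and uint32_t stands in for a 32-bit size_t so the wraparound is well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 12-byte table slot (assumption, not an Expat type). */
typedef struct { uint32_t version, hash, name; } entry_t;

/* Unchecked pattern: bytes = (1 << power) * sizeof(entry), evaluated in
 * 32-bit arithmetic. A shift of 32 or more is undefined in C; modelled as 0. */
static uint32_t unchecked_bytes32(unsigned power) {
  uint32_t count = (power < 32) ? (UINT32_C(1) << power) : 0;
  return count * (uint32_t)sizeof(entry_t);   /* wraps modulo 2^32 */
}

/* Checked form: reject an out-of-range shift first, then a product that
 * would exceed max_bytes (SIZE_MAX on a real build). Returns 1 on success. */
static int checked_bytes(unsigned power, size_t elem, size_t max_bytes,
                         size_t *out) {
  if (power >= sizeof(size_t) * 8) return 0;            /* undefined shift */
  size_t count = (size_t)1 << power;
  if (elem == 0 || count > max_bytes / elem) return 0;  /* would overflow */
  *out = count * elem;
  return 1;
}

/* Grow only when the size is representable. On failure the old buffer is
 * untouched and still owned by the caller. */
static int grow_table(entry_t **table, unsigned power, size_t max_bytes) {
  size_t bytes;
  if (!checked_bytes(power, sizeof(entry_t), max_bytes, &bytes)) return 0;
  entry_t *p = realloc(*table, bytes);
  if (p == NULL) return 0;
  *table = p;
  return 1;
}

int main(void) {
  /* Constructed inputs: 28 fits, 29 wraps to too few bytes, 30 wraps to 0. */
  for (unsigned power = 28; power <= 30; power++) {
    size_t ok_bytes = 0;
    int ok = checked_bytes(power, sizeof(entry_t), UINT32_MAX, &ok_bytes);
    printf("power=%u unchecked=%lu checked=%s\n", power,
           (unsigned long)unchecked_bytes32(power), ok ? "accept" : "reject");
  }
  return 0;
}
```

A wrapped size of 0 handed to realloc corresponds to the "only freeing memory" case in the advisory text; a wrapped non-zero size corresponds to "allocating too few bytes".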

References:
- https://bugs.mageia.org/show_bug.cgi?id=29902
- https://blog.hartwork.org/posts/expat-2-4-3-released/
- https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827

SRPMS:
- 8/core/expat-2.2.10-1.1.mga8